Closed monperrus closed 8 years ago
does this mean that a page can read my clipboard? (which sometimes contains passwords...)
Not directly from Clipboard, but when you press Ctrl + C
or Ctrl + V
, scripts on the active page have access to the content.
You can try it yourself. Just open the Web Console and paste the following code:
document.addEventListener('copy', function(e){
console.error(e);
});
document.addEventListener('paste', function(e){
console.error(e);
});
I am going to enable dom.event.clipboardevents.enabled
on compatible modes for the next version though.
Thanks for the report.
If it is disabled (dom.event.clipboardevents.enabled = false), there is a problem with:
Disabling dom.event.clipboardevents.enabled breaks copy'n'paste in many sites, such as Github inline editor, Gmail, etc.
What's the privacy rationale behind disabling dom.event.clipboardevents.enabled?